Fixed Poor Netflix Performance with pfSense

I was having terrible Netflix performance when connecting through my pfSense 2.3 router (running on XenServer 6.5), but Netflix was fine when I bypassed pfSense altogether or when I connected to Netflix through my StrongVPN connection passing through pfSense.

After much research, investigations, and Wiresharking, I made the following three configuration changes that seem to have fixed the problem.

From the System / Advanced / Firewall & NAT config page:

In the Firewall Advanced section, in the IP Do-Not-Fragment compatibility row, I selected the checkbox for Clear invalid DF bits instead of dropping the packets.

Also in the Network Address Translation section, in the Enable automatic outbound NAT for Reflection row, I selected the checkbox Automatic create outbound NAT rules that direct traffic back out to the same subnet it originated from.